Businesses targeted by cyber criminals through their supply chains rise by 600%


Are you a bigger company? Well, you’re at risk, and we’d like to help.

Right at the end of last year, the EU agency for cyber security, ENISA, cited a big increase in the number and sophistication of digital attacks on businesses like yours via their supply chains: fourfold between 2020 and 2021. This week, digital security company Risk Ledger estimated that supply chain attacks rose by over 600% in 2022. All of which probably explains why the UK’s own National Cyber Security Centre published specific guidance at the end of last year, encouraging those in the procurement sector to do more to secure their supply chains.

But you’re probably not doing enough.

This month, the government’s annual report into cyber breaches showed that just one in eight businesses look at the risk posed by their wider supply chain. It’s lower for charities, and even the largest of organisations only review wider supply chain security in a third of cases. The report noted three key risks:

  • Third-party access to your systems
  • Suppliers storing your data or IP
  • Suppliers being compromised, and having their accounts used as a launchpad for phishing attacks and malware

We’ve found that the report was exactly right when it said that it tends to be IT suppliers who are scrutinised. There’s a real blind spot elsewhere. What if one of your business units publishes a smart device, or forges a partnership that requires exchange of data, or even just provides a service giving them a point of contact in your finance team? Chances are, you’ve no way of knowing whether these third parties know the first thing about basic cyber security.

And you certainly don’t have the resources to educate them.

Which, we like to think, is where we might come in. The South West Cyber Resilience Centre is one of a national network of Home Office-funded, police-led centres which exist to support businesses with the basics of cyber security. Bluntly, we’re happy to take on everyone that you trade with, signing them up for free protection. We give them basic NCSC guidance, we give them support to implement it, and we walk them through a 12-week programme about implementing the basics in an accessible way. From our experience, you’d be surprised how many people don’t understand even good password hygiene or 2FA. We’ll also provide them with monthly threat updates, to keep them safe, and we can even offer them technical assessments of their cyber security thanks to our partnerships with local universities.

If you’d like to talk about how we can work with you to reduce one of your biggest risks, please get in touch. We’re happy to help, and it won’t be a sales-led conversation. It’ll be about doing the right thing, for you and the local companies that are the lifeblood of our region.

Contact Mark Moore, SWCRC.